Hacker Geohot releases root tool for Galaxy S5 and most other Android devices

This site may earn affiliate commissions from the links on this page. Terms of use.

Google and the big Android OEMs have been beefing up security of the years, which is a good thing for everyone. As a consequence, however, it’s harder to gain root access to new Android devices. Some particularly tough phones include the AT&T and Verizon versions of the Samsung Galaxy S5. After XDA members took up a collection now valued at over $18,000, famed developer George “Geohot” Hotz has come forward with a working root method. Oh, it also roots almost every other Android phone.

Having root access to your Android device means you can make system-level changes — it’s like running an administrator account on a computer. It used to be trivial to root an Android device, but they’re much more locked down these days. A Nexus phone can be unlocked and rooted in mere moments, but devices from Motorola and HTC also have official support for bootloader unlocks (which allows rooting). Other devices require a little more fiddling around.

The Towelroot tool developed by Geohot differs from all the standard root methods in that it uses an exploit to root phones. Simply install the APK from Geohot’s site and run it. It looks like most devices running Android 4.4.2 or earlier can be rooted with this method. That includes all of Samsung’s recent phones like the Note 3, Galaxy S5, and Galaxy S4. All of LG’s newer flagships (G2, G3, G2 Pro, etc.) are susceptible as well. And that’s just the start.

Towelroot is based on a Linux kernel vulnerability previously uncovered by hacker Pinkie Pie, which is bad news from a security standpoint. Widespread hacks like this were common years back with universal root tools like Rage Against the Cage. The newest builds of the Android kernel seem to have partially blocked the Towelroot exploit, but it’s not yet clear if it’s completely solved. Even if Google has blocked it, there are a lot of vulnerable devices out there.

This is all great news if you want to use root-only apps on your device, but it’s even better news for malware creators. Since this is just a one-click APK, it could be packaged with other apps and distributed to unsuspecting users. Root access gives a nefarious app much more power over the device, which you definitely don’t want. Google has probably already updated its Google Play “Bouncer” anti-malware filter, but the internet is a big place.

You should only download Towelroot from the official page. That’s also where Geohot is accepting donations for his work via PayPal and Bitcoin. Be aware this tool will probably void your warranty, especially on Samsung devices where it will trip the Knox security flag.